Practices for getting information from $_GET/$_POST and saving it to a database?

生来不讨喜 2021-01-24 21:23

What are today's best practices when it comes to getting information from a get/post and saving information to a database? Is data still escaped like it used to or are there ad

4 answers
  •  盖世英雄少女心
    2021-01-24 21:59

    Well, it depends on what your values are and where they are coming from. The short and sweet answer is:

    ESCAPE AND SANITIZE

    which means make sure you put all strings in quotes and make sure you escape all special characters in user-submitted strings. Type match and length check.
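
Added example, not part of the answer above or of the original page: the type match and length check applied to a submitted record before it is saved. It swaps manual quoting and escaping for PDO bound parameters, and it assumes the `pdo_sqlite` extension, a hypothetical `users` table, and hypothetical field names and limits.

```php
<?php
declare(strict_types=1);
// Type match and length check for one submitted record.
// Field names (username, age) and the limits are assumptions for this example.
function validate_submission(array $input): array
{
    $username = $input['username'] ?? null;
    // Reject arrays (e.g. username[]=x) and anything else that is not a string.
    if (!is_string($username)) {
        throw new InvalidArgumentException('username must be a string');
    }
    $username = trim($username);
    if ($username === '' || strlen($username) > 32) {
        throw new InvalidArgumentException('username must be 1-32 bytes');
    }
    // FILTER_VALIDATE_INT returns false for "12abc", arrays and missing values.
    $age = filter_var($input['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer 0-150');
    }
    return ['username' => $username, 'age' => $age];
}

function save_submission(PDO $db, array $clean): void
{
    // Bound parameters: values travel separately from the SQL text.
    $stmt = $db->prepare('INSERT INTO users (username, age) VALUES (:u, :a)');
    $stmt->bindValue(':u', $clean['username'], PDO::PARAM_STR);
    $stmt->bindValue(':a', $clean['age'], PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed sample input standing in for $_POST; in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (username TEXT NOT NULL, age INTEGER NOT NULL)');
$samples = [
    ['username' => "O'Brien", 'age' => '42'],           // quote stored as data
    ['username' => str_repeat('a', 200), 'age' => '5'], // fails length check
    ['username' => 'bob', 'age' => '12abc'],            // fails type match
];
foreach ($samples as $post) {
    try {
        save_submission($db, validate_submission($post));
        echo "saved\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```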
